Vulnerability CVE-2013-4357

Vulnerability Name:

CVE-2013-4357 (CCN-95103)

Assigned:

2013-10-28

Published:

2013-10-28

Updated:

2020-01-14

Summary:

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-120

Vulnerability Consequences:

Denial of Service

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:eglibc:eglibc:*:*:*:*:*:*:*:* (Version < 2.14)

Configuration 2:

cpe:/o:novell:suse_linux_enterprise_server:11.0:sp2:*:*:ltss:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:6.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Configuration 5:

cpe:/o:fedoraproject:fedora:18:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:19:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:glibc:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20134357	V	CVE-2013-4357	2022-05-20
oval:org.opensuse.security:def:33060	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:26167	P	Security update for php72 (Moderate)	2021-11-19
oval:org.opensuse.security:def:32212	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:31688	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:36414	P	glibc-html-2.11.3-17.84.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42543	P	glibc-2.11.3-17.84.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36136	P	glibc-2.11.3-17.84.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31614	P	Security update for java-1_7_0-openjdk (Moderate)	2021-04-29
oval:org.opensuse.security:def:26039	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:26027	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:31603	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:33099	P	Security update for python36 (Moderate)	2021-03-19
oval:org.opensuse.security:def:32268	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:26111	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:25975	P	Security update for openssl-1_0_0 (Important)	2020-12-09
oval:org.opensuse.security:def:25970	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:27134	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25697	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32378	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26642	P	sysstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26262	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31912	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27099	P	coreutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25686	P	Security update for wicked (Important)	2020-12-01
oval:org.opensuse.security:def:32356	P	Security update for squid3 (Important)	2020-12-01
oval:org.opensuse.security:def:26593	P	libnetpbm10 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31820	P	Security update for augeas (Moderate)	2020-12-01
oval:org.opensuse.security:def:27412	P	glibc-html on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26461	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25685	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:32317	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:26540	P	enscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27377	P	boost-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25964	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:26417	P	Security update for Mozilla Thunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:26389	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26739	P	libapr1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25963	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26403	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:26305	P	Security update for python-setuptools (Moderate)	2020-12-01
oval:org.opensuse.security:def:25889	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26695	P	fetchmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26364	P	Security update for irssi (Low)	2020-12-01
oval:org.opensuse.security:def:32056	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:26248	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25761	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32422	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:31602	P	Security update for tomcat6	2020-12-01
oval:org.opensuse.security:def:26681	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26315	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:31969	P	Security update for ipsec-tools (Moderate)	2020-12-01
oval:org.mitre.oval:def:26728	P	USN-2306-3 -- eglibc regression	2014-11-10
oval:org.mitre.oval:def:25924	P	SUSE-SU-2014:1129-1 -- Security update for glibc	2014-11-10
oval:org.mitre.oval:def:26402	P	USN-2306-2 -- eglibc regression	2014-10-13
oval:org.mitre.oval:def:26211	P	USN-2306-1 -- eglibc vulnerabilities	2014-09-15
oval:org.mitre.oval:def:25256	P	SUSE-SU-2014:0760-1 -- Security update for glibc	2014-09-08
oval:com.ubuntu.precise:def:20134357000	V	CVE-2013-4357 on Ubuntu 12.04 LTS (precise) - low.	2013-09-20
oval:com.ubuntu.trusty:def:20134357000	V	CVE-2013-4357 on Ubuntu 14.04 LTS (trusty) - low.	2013-09-20

BACK